Awesome SecAcademic
Academic conferences and journals related to intrusion detection
- RAID International Symposium on Recent Advances in Intrusion Detection
- DIMVA Detection of Intrusions and Malware & Vulnerability Assessment
- ISC Information Security Conference
- SEC IFIP International Information Security Conference
- SCN Security and Communication Networks (journal; CCF rank C, CAS zone 4)
- TrustCom IEEE International Conference on Trust, Security and Privacy in Computing and Communications (CCF rank C, CAS zone 4)
- NDSS ISOC Network and Distributed System Security Symposium
- IJICS International Journal of Information and Computer Security
- IJISP International Journal of Information Security and Privacy
Recent academic papers on anomaly (intrusion) detection
- Cyber intrusion detection by combined feature selection algorithm (intrusion detection using combined feature selection and clustering, evaluated on KDD99)
- Discovering and utilising expert knowledge from security event logs (mining expert knowledge from host security event logs)
- Intrusion response prioritization based on fuzzy ELECTRE multiple criteria decision making technique
- A novel honeypot based security approach for real-time intrusion detection and prevention systems (honeypot-based real-time intrusion detection and prevention)
- Identifying irregularities in security event logs through an object-based Chi-squared test of independence (identifying irregular behaviour in security event logs)
- Distance Measurement Methods for Improved Insider Threat Detection (insider threat detection)
- Defending against the Advanced Persistent Threat: An Optimal Control Approach (APT defence formulated as an optimal control problem)
- Network Intrusion Detection with Threat Agent Profiling (network intrusion detection using threat agent profiling)
- Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders (network intrusion detection with stacked dilated convolutional autoencoders)
- An Approach for Internal Network Security Metric Based on Attack Probability (internal network security metric based on attack probability)
- LA-GRU: Building Combined Intrusion Detection Model Based on Imbalanced Learning and Gated Recurrent Unit Neural Network (intrusion detection model that addresses class imbalance)
- A Closer Look at Intrusion Detection System for Web Applications (intrusion detection for web applications)
- Network Intrusion Detection Method Based on PCA and Bayes Algorithm (network intrusion detection using PCA and Bayes)
- Symmetry Degree Measurement and its Applications to Anomaly Detection (symmetry-degree measures applied to anomaly detection)
- An Intelligence-Driven Security-Aware Defense Mechanism for Advanced Persistent Threats (Lyapunov-based, threat-intelligence-backed situational awareness and defence)
- A survey of network-based intrusion detection data sets (survey of network-based intrusion detection data sets)
- CorrCorr: A feature selection method for multivariate correlation network anomaly detection techniques (feature selection for network anomaly detection)
- How to trick the Borg: threat models against manual and automated techniques for detecting network attacks
- Firefly algorithm based feature selection for network intrusion detection (feature selection for intrusion detection)
- Dynamic log file analysis: An unsupervised cluster evolution approach for anomaly detection (anomaly detection via unsupervised dynamic log analysis)
- A training-resistant anomaly detection system (anomaly detection resistant to adversarial manipulation of the training data)
- A systematic survey on multi-step attack detection (survey of multi-step attack detection techniques)
- Saving energy in aggressive intrusion detection through dynamic latency sensitivity recognition
- A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection (intrusion detection with back-propagation neural networks)
- https://www.sciencedirect.com/science/article/pii/S0167404817302274?via%3Dihub (feature selection for intrusion detection)
- A survey of intrusion detection systems based on ensemble and hybrid classifiers (survey of ensemble and hybrid classifiers for intrusion detection)
- MADE: Security Analytics for Enterprise Threat Detection (detecting malware activity from enterprise logs)
- A Reinforcement Learning Approach for Attack Graph Analysis (attack graph analysis with reinforcement learning)
- Profiling Network Traffic Behavior for the Purpose of Anomaly-Based Intrusion Detection (anomaly detection from traffic behaviour profiles)
- Insider Threat Detection Through Attributed Graph Clustering (insider threat detection via attributed graph clustering)
- Unsupervised Feature Selection Method for Intrusion Detection System (unsupervised feature selection for intrusion detection systems)
- Big Data Analytics for Detecting Host Misbehavior in Large Logs (detecting host misbehaviour from large log volumes)
- An Efficient and Scalable Intrusion Detection System on Logs of Distributed Applications (intrusion detection on logs of distributed applications)
- Process Discovery for Industrial Control System Cyber Attack Detection (intrusion detection for industrial control systems)
- Visualization of Intrusion Detection Alarms Collected from Multiple Networks (visualisation of IDS alerts)
- Slop: Towards an Efficient and Universal Streaming Log Parser (efficient streaming log parser)
- A Linguistic Approach Towards Intrusion Detection in Actual Proxy Logs (intrusion detection in proxy logs)
- A Transparent Learning Approach for Attack Prediction Based on User Behavior Analysis (attack prediction from user behaviour)
- Towards a Timely Causality Analysis for Enterprise Security (causality analysis for enterprise security detection)
- Anomaly detection through information sharing under different topologies (anomaly detection with information sharing across topologies)
- Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection (multi-step attack detection)
- Detecting lateral spear phishing attacks in organisations (lateral spear phishing detection)
- Detecting new generations of threats using attribute-based attack graph (next-generation threat detection via attribute-based attack graphs)
- Network intrusion detection algorithm based on deep neural network (intrusion detection with deep neural networks)
- Detecting anomalous traffic in the controlled network based on cross entropy and support vector machine (network intrusion detection using cross entropy and SVM)
- Tightroping between APT and BCI in small enterprises (APT risk versus business information in small enterprises)
- Sequential pattern analysis for event-based intrusion detection (sequence-pattern analysis of intrusion events)
- Development of an efficient classifier using proposed sensitivity-based feature selection technique for intrusion detection system (feature selection for intrusion detection)
- Building an Effective Approach toward Intrusion Detection Using Ensemble Feature Selection (intrusion detection with ensemble feature selection)
APT attack detection
- HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows (APT detection over fine-grained event relationship graphs, using a custom scoring model)
- ATLAS: A Sequence-based Learning Approach for Attack Investigation (attack detection by building attack-behaviour sequences from causal graphs)
Lateral movement
- Lateral Movement Detection Using Distributed Data Fusion (lateral movement detection via data fusion)
- An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement (unsupervised multi-detector lateral movement detection)
- Proposed Framework for Network Lateral Movement Detection Based On User Risk Scoring in SIEM (lateral movement detection based on a user risk-scoring model)
- Latte: Large-Scale Lateral Movement Detection (large-scale lateral movement detection)
- A Novel Approach for Identifying Lateral Movement Attacks Based on Network Embedding (lateral movement detection via network embedding)
- Quantitative security analysis of a dynamic network system under lateral movement-based attacks (evaluating a dynamic network model under lateral-movement attacks)
- Facing lateral movements using widespread behavioral probes (detecting lateral movement with behavioural probes)
- Real-Time Lateral Movement Detection Based on Evidence Reasoning Network for Edge Computing Environment (real-time lateral movement detection with evidence reasoning)
- A Machine Learning Approach for RDP-based Lateral Movement Detection (RDP-based lateral movement detection; master's thesis, University of Waterloo)
- CERT-EU_SWP_17-002_Lateral_Movements (CERT-EU report on lateral movement detection)
- Detecting Lateral Movement Through Tracking Event Logs_version2 (JPCERT/CC report on detecting lateral movement through Windows event logs)
- https://jpcertcc.github.io/ToolAnalysisResultSheet/ (JPCERT/CC results on which logs each lateral-movement tool leaves behind)
- Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AI (lateral movement detection via link prediction on heterogeneous graphs)
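The event-log approach taken by the JPCERT/CC report and the RDP-detection thesis above reduces, at its simplest, to watching for one credential authenticating to many hosts in a short burst. The following is an added illustration written for this list, not code or a method from any of the cited works. The logon records, hosts, accounts and timestamps are constructed; the five-minute window, the four-host threshold and the "new source" heuristic are assumptions, and a real deployment would baseline each account over weeks of data rather than over one synthetic day.

```python
"""Lateral-movement fan-out detection over Windows 4624 logon events.

Added example for this list; the events below are constructed, not real logs.
Idea: a credential that suddenly authenticates (network or RDP logon) to many
distinct hosts within a short window, from a source never seen for that
account before, is a classic lateral-movement signature.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (time, event_id, logon_type, account, source_ip, host that logged it)
SAMPLE_EVENTS = [
    ("2023-03-01T09:00:01", 4624, 3,  "alice",      "10.0.1.20", "FS01"),
    ("2023-03-01T09:05:10", 4624, 3,  "alice",      "10.0.1.20", "FS01"),
    ("2023-03-01T09:07:42", 4624, 10, "bob",        "10.0.1.31", "WS-BOB"),
    ("2023-03-01T13:10:00", 4624, 3,  "svc_backup", "10.0.5.5",  "FS01"),
    # alice's credential used from a new source against five hosts in about 3 minutes
    ("2023-03-01T22:01:00", 4624, 3,  "alice",      "10.0.1.77", "WS-BOB"),
    ("2023-03-01T22:01:30", 4624, 3,  "alice",      "10.0.1.77", "WS-CAROL"),
    ("2023-03-01T22:02:05", 4624, 3,  "alice",      "10.0.1.77", "FS02"),
    ("2023-03-01T22:03:50", 4624, 10, "alice",      "10.0.1.77", "DC01"),
    ("2023-03-01T22:04:12", 4624, 3,  "alice",      "10.0.1.77", "PRINT01"),
]

# Logon types that imply a remote authentication: 3 = Network (SMB, WMI, PsExec, ...),
# 10 = RemoteInteractive (RDP). Console/interactive logons are ignored.
REMOTE_LOGON_TYPES = {3, 10}


def parse(raw_events):
    """Turn the constructed tuples into dicts with a real datetime."""
    return [
        {"time": datetime.fromisoformat(t), "event_id": eid, "logon_type": lt,
         "account": acct, "src": src, "dst": dst}
        for t, eid, lt, acct, src, dst in raw_events
    ]


def first_seen_sources(events):
    """Earliest time each (account, source_ip) pair appears; used to mark a 'new source'."""
    first = {}
    for e in sorted(events, key=lambda e: e["time"]):
        first.setdefault((e["account"], e["src"]), e["time"])
    return first


def detect_fanout(events, window=timedelta(minutes=5), min_hosts=4):
    """Slide a window per account over remote logons and alert when the number of
    distinct destination hosts inside the window reaches min_hosts (assumed
    thresholds). Emits one alert per burst, not one per event."""
    first = first_seen_sources(events)
    by_account = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e["logon_type"] in REMOTE_LOGON_TYPES:
            by_account[e["account"]].append(e)

    alerts = []
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["time"])
        i = 0
        while i < len(evs):
            start = evs[i]["time"]
            in_window = [e for e in evs[i:] if e["time"] - start <= window]
            hosts = sorted({e["dst"] for e in in_window})
            if len(hosts) >= min_hosts:
                sources = sorted({e["src"] for e in in_window})
                alerts.append({
                    "account": account,
                    "window_start": start,
                    "hosts": hosts,
                    "sources": sources,
                    # True when every source in the burst was first seen inside the burst
                    "new_source": all(first[(account, s)] >= start for s in sources),
                })
                i += len(in_window)  # skip past the burst so it is not reported twice
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for a in detect_fanout(parse(SAMPLE_EVENTS)):
        print(f"{a['account']} from {a['sources']} reached {len(a['hosts'])} hosts "
              f"starting {a['window_start']:%H:%M:%S} (new source: {a['new_source']}): {a['hosts']}")
```

Service accounts and vulnerability scanners legitimately fan out like this, so in practice the threshold is set per account class and the "new source" flag is what separates a scanner from a stolen credential; the JPCERT/CC tool analysis sheet above lists which additional events (for example 4648, 4672, 7045) each tool leaves, and those are the natural next features to join onto such a burst.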
Academic papers based on host logs (events)
- Discovering and utilising expert knowledge from security event logs (mining expert knowledge from host security event logs)
- Identifying irregularities in security event logs through an object-based Chi-squared test of independence (identifying irregular behaviour in security event logs)
- Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks (extracting actionable information from security event and alert logs)
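To make the "chi-squared test of independence" entry above concrete: the test asks whether the distribution of event types is independent of which object (here a user) produced them, and the cell with the largest Pearson residual points at the pairing that breaks independence. The block below is an added example written for this list, illustrating the general statistical technique rather than that paper's own feature extraction or code. The event counts are constructed, and the critical values are the standard 5% upper tail of the chi-squared distribution for 1 to 9 degrees of freedom.

```python
"""Chi-squared test of independence over a (user x event type) count table.

Added example for this list, not code from the cited paper. The counts are
constructed. A statistic above the critical value says the event mix depends
on the user; the cell with the largest Pearson residual says which
(user, event type) pairing drives that dependence, which is the 'irregularity'.
"""
import math

# Constructed counts of security events per user over one day.
COUNTS = {
    "alice": {"logon": 40, "file_read": 30, "priv_escalation": 1},
    "bob":   {"logon": 35, "file_read": 25, "priv_escalation": 0},
    "carol": {"logon": 20, "file_read": 10, "priv_escalation": 15},
}

# Upper 5% critical values of the chi-squared distribution for df = 1..9.
CRITICAL_05 = {1: 3.841, 2: 5.991, 3: 7.815, 4: 9.488, 5: 11.070,
               6: 12.592, 7: 14.067, 8: 15.507, 9: 16.919}


def chi_squared_independence(table):
    """Pearson chi-squared test on a dict-of-dicts contingency table.

    Returns the statistic, degrees of freedom, the independence verdict at
    alpha = 0.05 (None when df is outside the small table above), the Pearson
    residual (O - E) / sqrt(E) of every cell, and the cell with the largest one.
    """
    rows = list(table)
    cols = sorted({c for r in rows for c in table[r]})
    row_tot = {r: sum(table[r].get(c, 0) for c in cols) for r in rows}
    col_tot = {c: sum(table[r].get(c, 0) for r in rows) for c in cols}
    n = sum(row_tot.values())

    stat = 0.0
    residuals = {}
    for r in rows:
        for c in cols:
            expected = row_tot[r] * col_tot[c] / n
            if expected == 0:          # empty row or column: contributes nothing
                continue
            observed = table[r].get(c, 0)
            stat += (observed - expected) ** 2 / expected
            residuals[(r, c)] = (observed - expected) / math.sqrt(expected)

    df = (len(rows) - 1) * (len(cols) - 1)
    crit = CRITICAL_05.get(df)
    top = max(residuals, key=lambda k: abs(residuals[k]))
    return {
        "statistic": stat,
        "df": df,
        "independent": None if crit is None else stat <= crit,
        "top_cell": top,
        "top_residual": residuals[top],
        "residuals": residuals,
    }


if __name__ == "__main__":
    res = chi_squared_independence(COUNTS)
    print(f"chi2 = {res['statistic']:.2f}, df = {res['df']}, independent = {res['independent']}")
    print(f"largest residual: {res['top_cell']} = {res['top_residual']:+.2f}")
```

Two caveats a practitioner should keep in mind: the approximation assumes expected counts of roughly five or more per cell, so very rare event types should be merged before testing, and the test is only as good as the baseline window; if the training counts already contain the attacker's activity, the irregular cell is absorbed into "normal".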
Web security papers (CCF-ranked conferences and journals, A/B/C)
- SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel
- SQL injection attacks - a systematic review (survey of SQL injection detection)
Malware
- Classification of malware families based on runtime behaviors
- A Feature Extraction Method of Hybrid Gram for Malicious Behavior Based on Machine Learning
- Malware Detection on Byte Streams of PDF Files Using Convolutional Neural Networks
- A Novel Immune-Inspired Shellcode Detection Algorithm Based on Hyperellipsoid Detectors (shellcode detection)
- Detecting Malware with an Ensemble Method Based on Deep Neural Network (malware detection)
- ALDOCX: Detection of Unknown Malicious Microsoft Office Documents Using Designated Active Learning Methods Based on New Structural Feature Extraction Methodology (malicious Office document detection)
- Survey of machine learning techniques for malware analysis (survey of machine learning for malware analysis)
- Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning (deep-learning malware detection)
- From big data to knowledge: A spatio-temporal approach to malware detection (malware detection using spatio-temporal correlation)
- A malware detection method based on family behavior graph (malware detection using family behaviour graphs)
- Using side channel TCP features for real-time detection of malware connections (detecting malware connections from TCP side-channel features)
- DECANTeR: DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting (malicious HTTP traffic detection)
- Countering Malicious Processes with Process-DNS Association (malicious process detection via process-to-DNS association)
- Polymorphic malware detection using sequence classification methods and ensembles (polymorphic malware detection with sequence classification and ensembles)
- Malware classification based on API calls and behaviour analysis (malware classification by API calls)
- Mining malicious behavioural patterns (mining malware behavioural patterns)
- Behavioral Modeling of Malicious Objects in a Highly Infected Network Under Quarantine Defence (malware behaviour in a highly infected, quarantined network)
DDoS detection
- MLP-GA based algorithm to detect application layer DDoS attack
- An event based technique for detecting spoofed IP packets
- A DDoS Attack Detection Method Based on SVM in Software Defined Network
- Preventing Distributed Denial-of-Service Flooding Attacks With Dynamic Path Identifiers (DDoS defence with dynamic path identifiers)
- HADEC: Hadoop-based live DDoS detection framework (Hadoop-based DDoS detection)
Domain names
- An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis (malicious domain detection on passive DNS traffic under class imbalance)
- Issues and challenges in DNS based botnet detection: A survey (survey of DNS-based botnet detection)
- Detection of malicious and low throughput data exfiltration over the DNS protocol (DNS tunnelling and exfiltration detection)
- DomainChroma: Building actionable threat intelligence from malicious domain names (building threat intelligence from malicious domain names)
- Toward secure name resolution on the internet (secure name resolution)
- DNS Tunneling Detection Method Based on Multilabel Support Vector Machine (DNS tunnel detection)
- Detecting DNS Tunnel through Binary-Classification Based on Behavior Features (DNS tunnel detection)
- Getting Under Alexa's Umbrella: Infiltration Attacks Against Internet Top Domain Lists
- Fast Flux Service Network Detection via Data Mining on Passive DNS Traffic
- A Deep Learning Based Online Malicious URL and DNS Detection Scheme (deep-learning detection of malicious URLs and DNS)
- Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs (analysis of malicious domain take-downs)
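The DNS tunnelling entries above share one feature family: a tunnel has to carry its payload inside the query name, so the subdomain part becomes long, high-entropy and almost never repeated, and the record type drifts towards TXT or NULL. The block below is an added example written for this list (not code from any of the cited papers) that computes those per-domain features from a passive-DNS style query log. The log lines are constructed, the thresholds are assumptions, and the two-label "registered domain" cut is a deliberate simplification that a real deployment must replace with the public suffix list.

```python
"""Per-domain features for DNS tunnelling detection over a query log.

Added example for this list, not code from the DNS-tunnel papers above.
The log lines are constructed. Tunnels encode data in the query name, so the
subdomain part becomes long, high-entropy and almost never repeated; the
record type is often TXT or NULL. The thresholds below are assumptions.
"""
import math
from collections import defaultdict

# Constructed passive-DNS log: "timestamp client qtype qname"
SAMPLE_LOG = """\
2023-03-01T10:00:00 10.0.1.5 A www.example.com
2023-03-01T10:00:03 10.0.1.5 A www.example.com
2023-03-01T10:00:07 10.0.1.9 A mail.example.com
2023-03-01T10:00:12 10.0.1.5 A cdn.example.com
2023-03-01T10:00:20 10.0.1.9 A www.example.com
2023-03-01T10:01:00 10.0.1.44 TXT 7f3a9c2e1b8d4f6a0c5e3b7d9f1a2c4e.0001.t.example.net
2023-03-01T10:01:01 10.0.1.44 TXT b2e8d1f47a6c39e05d1b8f2a6c4e7d93.0002.t.example.net
2023-03-01T10:01:02 10.0.1.44 TXT 19c4e7a2d8f0b3561e9a4c7d2f8b0e63.0003.t.example.net
2023-03-01T10:01:03 10.0.1.44 TXT e6a1d9f37b2c48e50a9d3f1c7b6e2a84.0004.t.example.net
2023-03-01T10:01:04 10.0.1.44 TXT 4d8f2b6e0a1c9e375f3b8d2a6c1e9f07.0005.t.example.net
"""

TUNNEL_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Last two labels. Simplification: real code must use the public suffix list
    (co.uk, com.cn, ...), otherwise every *.co.uk site collapses into one bucket."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_features(log_text, min_len=25, min_entropy=3.0, min_unique=0.8):
    """Group queries by registered domain and compute tunnel-oriented features.
    The three thresholds are assumed values, not tuned on real data."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qtype, qname = line.split()
        qname = qname.rstrip(".").lower()
        groups[registered_domain(qname)].append((qtype, qname))

    out = {}
    for domain, items in groups.items():
        # subdomain part with the dots removed, e.g. "7f3a...4e0001t"; may be empty
        subs = [q[: -len(domain)].rstrip(".").replace(".", "") for _, q in items]
        n = len(items)
        feats = {
            "queries": n,
            "unique_ratio": len({q for _, q in items}) / n,
            "mean_sub_len": sum(len(s) for s in subs) / n,
            "mean_entropy": sum(shannon_entropy(s) for s in subs) / n,
            "tunnel_qtype_ratio": sum(1 for t, _ in items if t in TUNNEL_QTYPES) / n,
        }
        feats["suspicious"] = (feats["mean_sub_len"] >= min_len
                               and feats["mean_entropy"] >= min_entropy
                               and feats["unique_ratio"] >= min_unique)
        out[domain] = feats
    return out


if __name__ == "__main__":
    for domain, f in domain_features(SAMPLE_LOG).items():
        print(f"{domain:14} queries={f['queries']} unique={f['unique_ratio']:.2f} "
              f"len={f['mean_sub_len']:.1f} H={f['mean_entropy']:.2f} "
              f"txt={f['tunnel_qtype_ratio']:.2f} suspicious={f['suspicious']}")
```

The TXT/NULL ratio is computed but deliberately left out of the rule: CDN and anti-spam infrastructure generate legitimate long, unique, high-entropy names (and plenty of TXT lookups), so in practice these features feed a classifier trained on labelled traffic, as the SVM- and behaviour-feature papers above do, rather than a hand-written conjunction; the low-throughput exfiltration paper above is the reminder that a patient attacker can stay under any per-query length threshold, so volume per client over hours matters as much as per-name shape.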
Crawler detection
- Detection Method for Distributed Web-Crawlers: A Long-Tail Threshold Model (distributed web crawler detection)
Defence
- Misery Digraphs: Delaying Intrusion Attacks in Obscure Clouds (deception-based defence in cloud architectures)
- https://ieeexplore.ieee.org/document/8325528 (dynamic defence techniques for large networks)
Other
- Automatic Identification of Honeypot Server Using Machine Learning Techniques (honeypot identification with machine learning)
- https://www.csuldw.com/2019/03/24/2019-03-24-anomaly-detection-introduction/ (eight unsupervised anomaly detection techniques)
- http://sofasofa.io/tutorials/anomaly_detection/ (unsupervised anomaly detection with autoencoders)
- https://www.ibm.com/developerworks/cn/cognitive/library/cc-unsupervised-learning-data-classification/index.html (unsupervised learning for data classification)
Datasets
- https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=508099 (insider threat detection)
- https://csr.lanl.gov/data/cyber1/
- https://vizsec.org/data/
- https://github.com/logpai/loghub
- https://snap.stanford.edu/data/index.html (Stanford SNAP datasets)
Malware analysis platforms
- https://www.virustotal.com/gui/home/upload
- http://habo.qq.com
- https://analyze.intezer.com/
- https://app.any.run/
- https://www.hybrid-analysis.com/
- https://malwr.com/
- http://www.securitytalk.xyz/sample
- https://www.reverse.it/
- https://bazaar.abuse.ch/browse/
- https://labs.inquest.net/